Example: Enabling SYN Cookie Protection (CLI)
The following example shows how to set the SYN flood attack threshold.
 | Note: The SYN Cookie feature can only detect and protect against spoofed SYN flood attacks, thus minimizing the negative impact to hosts that are secured by JUNOS Software. If an attacker is using a legitimate IP source address, rather than a spoofed IP source, then the SYN-Cookie mechanism does not stop the attack. |
user@host# set security screen ids-option external-syn-flood
tcp syn-flood timeout 20user@host# set security zones security-zone external screen
external-syn-flooduser@host# set security flow syn-flood-protection-mode
syn-cookie
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices